| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Apr 2016 06:40:47 +0200 From: Willy Tarreau <w@....eu> To: Ben Hutchings <ben@...adent.org.uk> Cc: Sasha Levin <sasha.levin@...cle.com>, Jiri Slaby <jslaby@...e.cz>, Greg KH <greg@...ah.com>, LKML <linux-kernel@...r.kernel.org>, stable <stable@...r.kernel.org>, lwn@....net Subject: Re: stable-security kernel updates On Tue, Apr 26, 2016 at 01:14:13AM +0200, Ben Hutchings wrote: > On Thu, 2016-04-21 at 16:33 +0200, Willy Tarreau wrote: > > On Thu, Apr 21, 2016 at 10:27:46AM -0400, Sasha Levin wrote: > > > > > > This means that missing CVE fixes are quite common with stable > > > trees? > > Until someone reports they are missing :-) > > Or they are unfixed upstream (there are a good few of those). > > Debian has a public list of all unembargoed kernel security issues that > have CVEs (and a few that don't), with references to any upstream > commits and fixed stable versions - but only for the stable branches > that our stable releases follow. > > The mapping of CVE IDs to commits may be useful to other stable > maintainers, even if the rest isn't. > > svn co svn://scm.alioth.debian.org/svn/kernel-sec/ Thanks for sharing this Ben, it can indeed be helpful sometimes and it's well organized! Willy
Powered by blists - more mailing lists